According to CryptoPotato, the cryptocurrency market experienced losses of $1.9 billion in 2023 due to hacks, marking a substantial 93.6% decrease from the previous year. While this appears to be a positive trend, further examination reveals a bleaker outlook, with the frequency and sophistication of attacks on the rise, according to blockchain security auditor Hacken.
Hacken’s 2023 security report revealed that the total amount lost due to hacks and scams decreased to $1.9 billion. The largest theft of the year involved Multichain, which saw $231 million drained from its bridge. This is significantly lower than the Terra Luna incident of 2022, which wiped out over $40 billion in value, causing widespread collapses in the industry. Hacken described 2023 as a period of improved safety and better security practices. However, the auditor recorded a 14% increase in the number of attacks compared to the previous year, with a notable surge in various types of hacks.
The most damaging type of vulnerability this year was Access Control, where unauthorized access to hot wallets by hackers or insiders resulted in half of all stolen funds, averaging $31 million per incident. This includes breaches like those in Multichain and Atomic Wallet. Flash Loan attacks followed, with a total stolen amount of just over $275 million, despite a higher number of incidents than Access Control. Meanwhile, Rug Pulls averaged $566,000 per incident, making them the second least damaging type of attack after closely related Honeypot scams.
2023 witnessed a departure from the previous trend, where centralized companies collapsed in succession due to mounting bad debt. Hacken’s findings reveal that the sector most heavily impacted was Lending and Borrowing, particularly smart contract-based money markets. These platforms aggregate significant liquidity pools and provide loans to users against collateral. However, they became prime targets for hackers who exploited flash loans. Following closely in terms of stolen value were Bridges and Centralized Exchanges (CEXs). Due to their substantial liquidity pools, these projects frequently attract hackers and insider threats.
An analysis of blockchain networks most affected by exploits indicates BNB Smart Chain (BSC) and Ethereum as the primary targets, each for distinct reasons. BNB Chain reported 214 incidents, primarily rug pulls, owing to its large user base, low fees, and ease of capital movement, rendering it an appealing target for large-scale, cost-effective malicious activities. Ethereum encountered 176 incidents, encompassing classic rug pulls to sophisticated flash loan attacks. Even smaller platforms experienced their fair share of incidents. For instance, Arbitrum encountered 30 incidents, often linked to access control issues, highlighting vulnerabilities in emerging networks.